What is CPRA?
CPRA is an improved version of CCPA.
The California Privacy Rights Act (CPRA) is a new law that has replaced the California Consumer Protection Act (CCPA). It contains many similar provisions to the CCPA but also includes some notable changes. CPRA is intended to provide greater clarity regarding privacy rights in California, while also providing more specific guidance on what companies can and cannot do when it comes to collecting personal information from consumers.
The changes include:
- – Raises the threshold for companies to be covered by the Consumer Credit Protection Act from 50,000 consumers/households to 100,000, and it excludes devices from being subject to the law.
- – Expands the definition of businesses that share personal information among themselves and businesses that are commonly controlled.
- – Introduces a new category of personal information (PI), called sensitive PI. It requires additional security measures and opt-out opportunities.
- – Extends the right to opt out of having personal information shared with third parties for advertising purposes.
- – Addition of the right to request the deletion or correction of their personal information.
- – Expands the consumer’s right to know to include access to PI used for automated decision-making.
- – Establishes a new agency California Privacy Protection Agency (CPPA) to administer privacy and data protection, in addition to creating an auditor who will monitor compliance with the law.
- – Requires that consent must be explicit, separate from other terms and conditions. Implied opt-in consent is not allowed (after the user has already opted out). Also, the use of dark patterns for obtaining consent is prohibited.
- – Increases the penalties for violating laws pertaining to the privacy of minors. The CPPA can also investigate possible violations.
Read more about CPRA here.